FBI says it is "reviewing" PSN security breach

The Federal Bureau of Investigation (FBI) is currently “reviewing” a recent security breach that compromised user data and downed the PlayStation Network (PSN) for over a week.

“The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter,” special agent Darrell Foxworth told Kotaku.

“We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity.”

Meanwhile, at least two dozen state AG’s have kicked off their own investigation of the incident, with the FTC confirming it could theoretically claim jurisdiction in a case that involved loss of customer data via a security breach. 

“The fact that sensitive information was apparently accessed without authorization makes me especially concerned about the possibility of financial fraud and targeted phishing scams,” Connecticut Attorney General George Jepsen wrote in an official letter to SCE CEO Jack Tretton.

“What is more troubling is Sony’s apparent failure to promptly and adequately notify affected individuals of this large-scale breach.”

As expected, a number of other countries aside from the United States have expressed concern over the embarrassing and damaging security lapse.

For example, the city of Taipei (Taiwan) is apparently demanding that Sony provide satisfactory details about the leak within 10 days or face heavy fines for alleged breaches of local consumer protection laws. 

“Manufacturers and service providers should take responsibility for their customers’ reasonable expectations of security, including personal information security,” Taiwan capital’s Law and Regulation Commission said in a letter obtained by PC World.

“This incident [is said to] involve leaks of consumer names, e-mails, birth dates and even credit card information.”

Indeed, security researchers say stolen credit card information may already be up for sale on various Internet forums.

“The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs,” Trend Micro security expert Kevin Stevens claimed in a tweet.

“Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date… It is not a rumor, it was a conversation on a criminal forum. [Still], I never saw the DB so I can’t verify if it is real.”